On Sat, May 17, 2014 at 09:08:06 CEST, Heinz Diehl wrote: > On 16.05.2014, Arno Wagner wrote: > > > I just want to warn everybody not to place too great stock > > into these results. I have participated in similar, non-public > > analyses and they can only ever go so deep. Cleverly hidden or > > disguised backdoors may easily be overlooked... > > I agree. > > I posted the article because of TC's widespread use, and I'm not aware > of any comprehensive review/audit of its source (I'm not using TC > myself). Posting it is fine. It does contain valuable information. For example, I think from the report one can deduce that TrueCrypt is not very likely to have low-value vulnerabilities, hence, for example, ordinary law-enforcement and ordinary criminals will likely not get in and more widely available forensics tools will likely also not work. I just wanted to give context which may be non-obvious to people that have not done something like this themselves. And yes, I am using TC, but not for secret things. "Business Confidential" is the highest level I am willing to trust it with. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
